asterisk.git - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author
2013-03-27	AST-2013-001: Prevent buffer overflow through H.264 format negotiation	Matthew Jordan
	The format attribute resource for H.264 video performs an unsafe read against a media attribute when parsing the SDP. The value passed in with the format attribute is not checked for its length when parsed into a fixed length buffer. This patch resolves the vulnerability by only reading as many characters from the SDP value as will fit into the buffer. (closes issue ASTERISK-20901) Reported by: Ulf Harnhammar patches: h264_overflow_security_patch.diff uploaded by jrose (License 6182) ........ Merged revisions 383973 from http://svn.asterisk.org/svn/asterisk/branches/11 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383975 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-09-24	Fix an issue with H.264 format attribute comparison and fix an issue with ↵	Joshua Colp
	improper SDP being produced. The H.264 format attribute module compares two format attribute structures to determine if they are compatible or not. In some instances it was possible for this check to determine that both structures were incompatible when they actually should be considered compatible. This check has now been made even more permissive by assuming that if no attribute information is available the two structures are compatible. If both structures contain attribute information a base level comparison of the H.264 IDC value is done to see if they are compatible or not. The above issue uncovered a secondary issue in chan_sip where the SDP being produced would be incorrect if the formats were considered incompatible. This has now been fixed by checking that all information required to produce the SDP is available instead of assuming it is. (closes issue ASTERISK-20464) Reported by: Leif Madsen ........ Merged revisions 373413 from http://svn.asterisk.org/svn/asterisk/branches/11 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@373414 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-08-17	Add some additional H.264 attributes, "max-smbps" and "max-fps", for ↵	Joshua Colp
	passthrough. (closes issue ASTERISK-20206) Reported by: ddkprog Patches: res_format_attr_h264.c.diff uploaded by ddkprog (license 6008) ........ Merged revisions 371426 from http://svn.asterisk.org/svn/asterisk/branches/11 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371427 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-07-13	Reduce memory consumption and add the H.264 and H.263 modules I shamefully ↵	Joshua Colp
	neglected to add. git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@370060 65c4cc65-6c06-0410-ace0-fbb531ad65f3